Passkeys make user accounts safer, simpler, easier to use.
Create a sign in experience that leverages passkeys while still accommodating existing password users.
The BBC is rolling out HSTS for their website to improve security and performance. Find out what it means, and how HSTS can help you.
Learn how to set first-party cookies to ensure security, cross-browser compatibility, and minimize chances of breakage once third-party cookies are phased out.
Forgetting or misusing the Cache-Control header may negatively impact the security of your website and your users' privacy.
The new Sanitizer API aims to build a robust processor for arbitrary strings to be safely inserted into a page.
Learn more about headers that can keep your site safe and quickly look up the most important details.
How to deploy a CSP based on script nonces or hashes as a defense-in-depth against cross-site scripting.
Cross-origin isolation enables a web page to use powerful features such as
SharedArrayBuffer. This article explains how to enable cross-origin
isolation on your website.
Sometimes, you need to run your local development site with HTTPS. Tools and tips to do this safely and quickly.
Using http://localhost for local development is fine most of the time, except in some special cases. This post explains when you need to run your local development site with HTTPS.
Maximize conversions by helping your users complete address and payment forms as quickly and easily as possible.
Help your users sign up, log in and manage their account details with a minimum of fuss.
Learn how to optimize your SMS OTP form and improve user experience.
The definition of "same-site" is evolving to include the URL scheme, so links between HTTP and HTTPS versions of a site now count as cross-site requests. Upgrade to HTTPS by default to avoid issues where possible or read on for details of what SameSite attribute values are needed.
Redirect a request to
/.well-known/change-password to the change-passwords URL
Best practices to set your Referrer-Policy and use the referrer in incoming requests.
A summary of the major news and updates that were announced during our 3-day online community event, and a reminder about upcoming regional events.
Use cross-platform browser features to build sign-in forms that are secure, accessible and easy to use.